Cybersecurity solutions for critical energy infrastructure are imperative for reliable energy delivery. In today's highly connected world, with an increasingly sophisticated cyber-threat, it is unrealistic to assume energy delivery systems are isolated or immune from compromise. CESER works closely with its private and public partners to accelerate the research, development and demonstration (RD&D) of next-generation cyber-resilient energy delivery systems and components.

Cybersecurity for the power grid must be carefully engineered to not interfere with energy delivery functions. For instance, the power grid has some legacy devices that are decades old, with limited computational resources and communications bandwidth to support cybersecurity protections. Control and protection devices are widely distributed, and some are in unmanned, remote substations or on top of poles in publicly accessible areas. Access controls are important and must not jeopardize normal operations or emergency responses.

Cybersecurity for the modernized grid is bringing together two communities that until recently have spoken different languages. Information technology (IT) speaks the language of computers and networks that support utility business administrative processes. Operational technology (OT) speaks the language of electronic devices with embedded operating systems streamlined to support energy delivery functions, and operational networks. Utility IT and OT differ in important ways, making it necessary to develop tailored cybersecurity protections for OT systems. However, each has benefits that can be gained from the other.

IT is increasingly being adapted to support OT in utilities so that operating systems, computer platforms, and networks commonly used in IT are now found in some OT architectures. The increasing use of IT computers and networks in OT architectures brings the need to protect these systems against malware developed to attack IT systems.

RD&D is a multidisciplinary area where partnerships are critically important - for example, computer scientists and power systems engineers work together to develop solutions that support energy delivery processes. Most importantly, the tools and technologies developed through these partnerships must not interfere with these processes; for instance, cybersecurity measures must not slow down communications when timeliness is critical.

These multidisciplinary partnerships have resulted in cybersecurity tools and technologies, some of which have had impact across the nation and been deployed in every state. The success of the program is determined by the number of tools and technologies that have been transitioned to practice and are now available to the energy sector, reducing the risk that a cyber-incident can disrupt energy delivery.

Cybersecurity for Energy Delivery Systems (CEDS) R&D Program

CESER’s Cybersecurity for Energy Delivery Systems (CEDS) R&D program aligns all activities with Federal priorities as well as the strategy and milestones articulated in the energy sector’s Roadmap to Achieve Energy Delivery Systems Cybersecurity that envisions resilient energy delivery control systems designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions.

CESER designed the CEDS R&D program to assist the energy sector asset owners by developing cybersecurity solutions for energy delivery systems through a focused research and development effort. CESER co-funds projects with industry partners to make advances in cybersecurity capabilities for energy delivery systems. These research partnerships are helping to detect, prevent, and mitigate the consequences of a cyber-incident for today’s and tomorrow’s energy delivery systems.

Since 2010, DOE-CESER has invested more than $240 million in cybersecurity research, development and demonstration projects that are led by industry, universities and National Labs. Since then, more than 35 new tools and technologies that CESER investments helped support are now being used to further advance the resilience of the Nation’s energy delivery systems. Find more information about these projects and others.

Every two years, CESER conducts a peer review of research partnerships that provides researchers, stakeholders, and management with an expert, unbiased assessment of strengths, weaknesses, and specific recommendations for improvement. CESER receives high-quality technical input to assist in making decisions and setting priorities for the program’s future direction. Importantly, the peer review process provides public accountability for the use of public funds.

CEDS R&D also funds academic collaborations, in partnership with DHS S&T, to bring together institutions with the expertise and vision needed to develop and transition innovative technologies that will help utilities to survive a cyber incident while sustaining critical functions. This initiative is focused on creating teams of academic institutions with expertise in power systems engineering and the computer science of cybersecurity. The teams are developing and implementing multi-disciplinary research plans to produce new cybersecurity tools and technologies and make them available to the energy sector. Utilities and suppliers of energy delivery systems and components are engaged at all stages, from the earliest research through the eventual transition to use by the energy sector. Lessons learned will be shared through academic outreach to ensure that the technical knowledge also transitions to the energy sector.

For more information regarding any of these research projects, please refer to the fact sheets.